03-25-2020 04:14 AM
Hello!
I have the below YANG file and MakeFile for a simple firewall service. In it - I am trying to leafref the device's interfaces so you can see them in a drop-down list in the GUI .
===FW_SERVICE.yang===
module FW_SERVICE {
namespace "http://com/example/FW_SERVICE";
prefix FW_SERVICE;
import ietf-inet-types {
prefix inet;
}
import tailf-ncs {
prefix ncs;
}
import tailf-common {
prefix tailf;
}
import tailf-ned-fortinet-fortios-non-vdom {
prefix fortinet-fortios-non-vdom;
}
list FW_SERVICE {
key name;
uses ncs:service-data;
ncs:servicepoint "FW_SERVICE";
leaf name {
type string;
}
// may replace this with other ways of refering to the devices.
leaf FW_OBJECT_NAME {
tailf:info "New Firewall Object Name";
type string;
}
leaf FW_WO_COMMENT {
tailf:info "WO Reference Comment";
type string;
}
leaf FW_OBJECT_SUBNET {
tailf:info "FW Object Subnet Address";
type string;
}
leaf FW_OBJECT_NETMASK {
tailf:info "FW Object Subnet Address Netmask";
type string;
}
leaf FW_POLICY_NAME {
tailf:info "FW Policy name";
type string;
}
leaf FW_PORT_SRC {
tailf:info "Incoming Interface";
type leafref {
path "deref(../../device)/../ncs:config/fortinet-fortios-non-vdom:system/fortinet-fortios-non-vdom:interface/fortinet-fortios-
non-vdom:interface-list";
}
}
leaf FW_PORT_DST {
tailf:info "Outgoing Interface";
type string;
}
leaf-list FW_OBJECT_DESTINATION {
tailf:info "Destination Object";
type string;
}
leaf FW_ACTION {
tailf:info "FW Action - cccept or deny";
type string;
}
leaf-list FW_SERVICE {
tailf:info "Destination Services to add";
type string;
}
// replace with your own stuff here
}
}
===MakeFile===
all: fxs
.PHONY: all
# Include standard NCS examples build definitions and rules
include $(NCS_DIR)/src/ncs/build/include.ncs.mk
src=$(wildcard yang/*.yang)
DIRS = ../load-dir
FXS = $(SRC:yang/%.yang=../load-dir/%.fxs)
YANGPATH += ../../fortinet-fortios-cli-5.4/src/ncsc-out/modules/yang
## Uncomment and patch the line below if you have a dependency to a NED
## or to other YANG files
# YANGPATH += ../../<ned-name>/src/ncsc-out/modules/yang \
# ../../<pkt-name>/src/yang
NCSCPATH = $(YANGPATH:%=--yangpath %)
YANGERPATH = $(YANGPATH:%=--path %)
fxs: $(DIRS) $(FXS)
.PHONY: fxs
$(DIRS):
mkdir -p $@
../load-dir/%.fxs: yang/%.yang
$(NCSC) `ls $*-ann.yang > /dev/null 2>&1 && echo "-a $*-ann.yang"` \
$(NCSCPATH) -c -o $@ $<
clean:
rm -rf $(DIRS)
.PHONY: clean
Now the error that it throws at me :
[root@localhost src]# pyang yang/FW_SERVICE.yang
yang/FW_SERVICE.yang:5: warning: imported module ietf-inet-types not used
yang/FW_SERVICE.yang:14: error: module "tailf-ned-fortinet-fortios-non-vdom" not found in search path
/home/horia/ncs-5.3/src/ncs/yang/ietf-yang-schema-mount.yang:2: error: bad value "1.1" (should be version)
/home/horia/ncs-5.3/src/ncs/yang/ietf-yang-schema-mount.yang:9: error: unexpected keyword "reference"
/home/horia/ncs-5.3/src/ncs/yang/ietf-yang-schema-mount.yang:15: error: unexpected keyword "reference"
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-cluster.yang:2: error: bad value "1.1" (should be version)
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-common.yang:2: error: bad value "1.1" (should be version)
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-compliance.yang:2: error: bad value "1.1" (should be version)
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-customers.yang:2: error: bad value "1.1" (should be version)
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-devices.yang:2: error: bad value "1.1" (should be version)
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-devices.yang:3789: error: XPath function "derived-from-or-self" is not defined in the XPath context
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-devices.yang:3997: error: XPath function "derived-from-or-self" is not defined in the XPath context
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-java-vm.yang:2: error: bad value "1.1" (should be version)
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-log.yang:2: error: bad value "1.1" (should be version)
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-packages.yang:2: error: bad value "1.1" (should be version)
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-plan.yang:2: error: bad value "1.1" (should be version)
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-python-vm.yang:2: error: bad value "1.1" (should be version)
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-service-progress-monitoring.yang:2: error: bad value "1.1" (should be version)
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-services.yang:2: error: bad value "1.1" (should be version)
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-smart-license.yang:2: error: bad value "1.1" (should be version)
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-snmp-notification-receiver.yang:2: error: bad value "1.1" (should be version)
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-software.yang:2: error: bad value "1.1" (should be version)
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-ssh.yang:2: error: bad value "1.1" (should be version)
/home/horia/ncs-5.3/src/ncs/yang/tailf-ncs.yang:2: error: bad value "1.1" (should be version)
If I try to compile the file :
[root@localhost src]# make --debug
GNU Make 3.82
Built for x86_64-redhat-linux-gnu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Reading makefiles...
Updating goal targets....
File `all' does not exist.
File `fxs' does not exist.
Prerequisite `yang/FW_SERVICE.yang' is newer than target `../load-dir/FW_SERVICE.fxs'.
Must remake target `../load-dir/FW_SERVICE.fxs'.
Invoking recipe from Makefile:27 to update target `../load-dir/FW_SERVICE.fxs'.
/home/horia/ncs-5.3/bin/ncsc `ls FW_SERVICE-ann.yang > /dev/null 2>&1 && echo "-a FW_SERVICE-ann.yang"` \
--yangpath ../../fortinet-fortios-cli-5.4/src/ncsc-out/modules/yang -c -o ../load-dir/FW_SERVICE.fxs yang/FW_SERVICE.yang
yang/FW_SERVICE.yang:52: error: the node 'device' from module 'FW_SERVICE' is not found
make: *** [../load-dir/FW_SERVICE.fxs] Error 1
As for the NED - I am using this one :
[root@localhost packages]# ls | grep forti
fortinet-fortios-cli-5.4
Am struggling a little bit with this .
Best regards!
Solved! Go to Solution.
03-26-2020 03:58 PM
Hello,
I tried a few test cases:
import tailf-ned-fortinet-fortios-non-vdom {
prefix fortios-non-vdom;
}
....
Makefile YANGPATH same as your's in first post..
03-25-2020 06:36 AM
Hi,
the error refers to this path in line 52 of your YANG model:
path "deref(../../device)/../ncs:config/fortinet-fortios-non-vdom:system/fortinet-fortios-non-
Basically, NSO cannot find ../../device (neither can I).
Regards,
Roque
03-25-2020 06:39 AM
03-25-2020 06:53 AM
Hi Rogaglia!
Thank you for your quick reply !
Tried that as well but with no luck (pretty sure I am misconfiguring something) :
Tried to find the correct xpath :
admin@ncs% xpath ctx devices device Fortigate_VM config system interface interface-list port1 eval ip
/devices/device[name='Fortigate_VM']/config/fortinet-fortios-non-vdom:system/interface/interface-list[name='port1']/ip
[ok][2020-03-25 09:39:56]
leaf FW_PORT_SRC {
tailf:info "Incoming Interface";
type leafref {
path "/ncs:devices/ncs:device[name='Fortigate_VM']/ncs:config/fortinet-fortios-non-vdom:system/fortinet-fortios-non-vdom:interface/fortinet-fortios-non-vdom:interface-list";
}
}
[root@localhost src]# make
/home/horia/ncs-5.3/bin/ncsc `ls FW_SERVICE-ann.yang > /dev/null 2>&1 && echo "-a FW_SERVICE-ann.yang"` \
--yangpath ../../fortinet-fortios-cli-5.4/src/ncsc-out/modules/yang -c -o ../load-dir/FW_SERVICE.fxs yang/FW_SERVICE.yang
yang/FW_SERVICE.yang:52: error: bad argument value "/ncs:devices/ncs:device[name='Fortigate_VM']/ncs:config/fortinet-fortios-non-vdom:system/fortinet-fortios-non-vdom:interface/fortinet-fortios-non-vdom:interface-list", should be of type path-arg
make: *** [../load-dir/FW_SERVICE.fxs] Error 1
I guess I am writing the path wrong ?
Best regards!
03-25-2020 02:36 PM
03-26-2020 12:17 AM
I modified it :
leaf FW_PORT_SRC {
tailf:info "Incoming Interface";
type leafref {
path "/ncs:devices/ncs:device[ncs:name='Fortigate_VM']/ncs:config/fortinet-fortios-non-vdom:system/fortinet-fortios-non-vdom:interface/fortinet-fortios-non-vdom:interface-list";
}
}
Same error unfortunetly :
[root@localhost src]# make
/home/horia/ncs-5.3/bin/ncsc `ls FW_SERVICE-ann.yang > /dev/null 2>&1 && echo "-a FW_SERVICE-ann.yang"` \
--yangpath ../../fortinet-fortios-cli-5.4/src/ncsc-out/modules/yang -c -o ../load-dir/FW_SERVICE.fxs yang/FW_SERVICE.yang
yang/FW_SERVICE.yang:52: error: bad argument value "/ncs:devices/ncs:device[ncs:name='Fortigate_VM']/ncs:config/fortinet-fortios-non-vdom:system/fortinet-fortios-non-vdom:interface/fortinet-fortios-non-vdom:interface-list", should be of type path-arg
make: *** [../load-dir/FW_SERVICE.fxs] Error 1
And yes - I know that I will fixate the device this way - but I am just trying to get at least this example working and I can start working towards a filter with "current device" from there .
03-26-2020 03:02 AM
I think the path-arg issue you are seeing here is because the path for a leafref must point to either a leaf-list or leaf node, but fortinet-fortios-non-vdom:system/fortinet-fortios-non-vdom:interface/fortinet-fortios-non-vdom:interface-list is a list, not a leaf-list. Instead of pointing to the interface-list object, you need to point to one of the leaf nodes contained within it. Try using the following path:
path "/ncs:devices/ncs:device[ncs:name='Fortigate_VM']/ncs:config/fortinet-fortios-non-vdom:system/fortinet-fortios-non-vdom:interface/fortinet-fortios-non-vdom:interface-list/fortinet-fortios-non-vdom:name";
03-26-2020 03:44 AM
Hello!
I modified it :
leaf FW_PORT_SRC { tailf:info "Incoming Interface"; type leafref { path "/ncs:devices/ncs:device[name='Fortigate_VM']/ncs:config/fortinet-fortios-non-vdom:system/fortinet-fortios-non-vdom:interface/fortinet-fortios-non-vdom:interface-list/fortinet-fortios-non-vdom:name"; } }
Same effect unfortunetly :
[root@localhost src]# make /home/horia/ncs-5.3/bin/ncsc `ls FW_SERVICE-ann.yang > /dev/null 2>&1 && echo "-a FW_SERVICE-ann.yang"` \ --yangpath ../../fortinet-fortios-cli-5.4/src/ncsc-out/modules/yang -c -o ../load-dir/FW_SERVICE.fxs yang/FW_SERVICE.yang yang/FW_SERVICE.yang:52: error: bad argument value "/ncs:devices/ncs:device[name='Fortigate_VM']/ncs:config/fortinet-fortios-non-vdom:system/fortinet-fortios-non-vdom:interface/fortinet-fortios-non-vdom:interface-list/fortinet-fortios-non-vdom:name", should be of type path-arg make: *** [../load-dir/FW_SERVICE.fxs] Error 1
I also tried another pyang validation - here is the output :
[root@localhost src]# pyang yang/FW_SERVICE.yang yang/FW_SERVICE.yang:5: warning: imported module ietf-inet-types not used yang/FW_SERVICE.yang:14: error: module "tailf-ned-fortinet-fortios-non-vdom" not found in search path yang/FW_SERVICE.yang:14: warning: imported module tailf-ned-fortinet-fortios-non-vdom not used yang/FW_SERVICE.yang:52: error: bad value "/ncs:devices/ncs:device[name='Fortigate_VM']/ncs:config/fortinet-fortios-non-vdom:system/fortinet-fortios-non-vdom:interface/fortinet-fortios-non-vdom:interface-list/fortinet-fortios-non-vdom:name" (should be path-arg) /home/horia/ncs-5.3/src/ncs/yang/ietf-yang-schema-mount.yang:2: error: bad value "1.1" (should be version) /home/horia/ncs-5.3/src/ncs/yang/ietf-yang-schema-mount.yang:9: error: unexpected keyword "reference" /home/horia/ncs-5.3/src/ncs/yang/ietf-yang-schema-mount.yang:15: error: unexpected keyword "reference" /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-cluster.yang:2: error: bad value "1.1" (should be version) /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-common.yang:2: error: bad value "1.1" (should be version) /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-compliance.yang:2: error: bad value "1.1" (should be version) /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-customers.yang:2: error: bad value "1.1" (should be version) /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-devices.yang:2: error: bad value "1.1" (should be version) /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-devices.yang:3789: error: XPath function "derived-from-or-self" is not defined in the XPath context /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-devices.yang:3997: error: XPath function "derived-from-or-self" is not defined in the XPath context /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-java-vm.yang:2: error: bad value "1.1" (should be version) /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-log.yang:2: error: bad value "1.1" (should be version) /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-packages.yang:2: error: bad value "1.1" (should be version) /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-plan.yang:2: error: bad value "1.1" (should be version) /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-python-vm.yang:2: error: bad value "1.1" (should be version) /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-service-progress-monitoring.yang:2: error: bad value "1.1" (should be version) /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-services.yang:2: error: bad value "1.1" (should be version) /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-smart-license.yang:2: error: bad value "1.1" (should be version) /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-snmp-notification-receiver.yang:2: error: bad value "1.1" (should be version) /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-software.yang:2: error: bad value "1.1" (should be version) /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs-ssh.yang:2: error: bad value "1.1" (should be version) /home/horia/ncs-5.3/src/ncs/yang/tailf-ncs.yang:2: error: bad value "1.1" (should be version)
Why does it actually say that it cannot find tailf-ned-fortinet-fortios-non-vdom ? It's in the path in the MakeFile I included :
[root@localhost src]# ls ../../fortinet-fortios-cli-5.4/src/ncsc-out/modules/yang fortinet-fortios-cli-5.4.yang tailf-ned-fortinet-fortios-common.yang tailf-ned-fortinet-fortios.yang fortinet-fortios-cli.yang tailf-ned-fortinet-fortios-non-vdom.yang
Best regards and thank you all for your help!
03-26-2020 03:58 PM
Hello,
I tried a few test cases:
import tailf-ned-fortinet-fortios-non-vdom {
prefix fortios-non-vdom;
}
....
Makefile YANGPATH same as your's in first post..
03-27-2020 04:54 AM
Hi Imanor!
Thank you very much for all your info !
This is what I was missing ! Once I've inserted this section into the yang file and referenced it as you did below - it worked like a charm :
leaf device { type leafref { path "/ncs:devices/ncs:device/ncs:name"; } } leaf FW_PORT_SRC { tailf:info "Incoming Interface"; type leafref { path "/ncs:devices/ncs:device[ncs:name=current()/../device]/ncs:config/fortios-non-vdom:system/fortios-non-vdom:interface/fortios-non-vdom:interface-list/fortios-non-vdom:name"; } }
Thank you very much for your help and explanations!
Best regards!
Horia
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the NSO Developer community: